Problem/Motivation

In #540008: Add a container parameter that can remove the special behavior of UID#1 an approach was taken where we can simply flag tests that are failing if we turn off user 1's super user powers, so that they can be taken care of in a followup. This issue is to collect all of these followups.

The goal is to have no tests in Drupal core that rely on UID1's special privileges so that we:

  1. Know these tests are correctly assigning the necessary permissions to run
  2. Can turn off the super user access policy in D11, knowing it won't break core
  3. Can remove the super user access policy in D12, providing an admin account recovery tool to replace it

Steps to reproduce

Go into any of the tests flagged with:

  /**
   * {@inheritdoc}
   *
   * @todo Remove and fix test to not rely on super user.
   * @see https://www.drupal.org/project/drupal/issues/3437620
   */

And:

  1. Remove the code below that sets the usesSuperUserAccessPolicy to TRUE.
  2. Run the test to see which test methods are failing

Proposed resolution

Assign the right permissions to make the test go green without the super user access policy. Those few tests that specifically test said policy can obviously stay, but will be removed along with the policy in D12.

Remaining tasks

  • core/modules/content_moderation/tests/src/
    • Functional/ModerationContentTranslationTest.php
    • Functional/ModerationFormTest.php
    • Functional/ModerationLocaleTest.php
    • Functional/ModerationStateBlockTest.php
    • Functional/WorkspaceContentModerationIntegrationTest.php
    • Kernel/EntityStateChangeValidationTest.php

Issue fork drupal-3439832

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

vensires created an issue. See original summary.

vensires’s picture

vensires
Location Greece
commented
Title: Fix all tests that rely on UID1's super user behavior - Blocks » Fix all tests that rely on UID1's super user behavior - Content Moderation
quietone’s picture

quietone commented
Issue tags: +Needs title update

The issue title reads like this will be fixing all the tests, when it really is just those in content moderation. Maybe someth8ing like, "Fix content_moderation tests that rely on UID1's super user behavior"

vensires’s picture

vensires
Location Greece
commented
Title: Fix all tests that rely on UID1's super user behavior - Content Moderation » Fix Content Moderation tests that rely on UID1's super user behavior

Nice catch! Just changed. Will change the other issues too. Thanks for the remark!

vensires’s picture

vensires
Location Greece
commented
Issue tags: -Needs title update

pradhumanjain2311 made their first commit to this issue’s fork.

pradhumanjain2311 opened merge request !7586

SolimanHarkas made their first commit to this issue’s fork.

SolimanHarkas opened merge request !8091

pooja_sharma made their first commit to this issue’s fork.

pooja_sharma changed the visibility of the branch 3439832-fix-content-moderation-test to hidden.

pooja_sharma opened merge request !8643

pooja_sharma’s picture

pooja_sharma commented

Addressed the superuser code needs to remove & added respective permissions.

Facing issue with existing MR, so created new branch , it also have conflicts , so fixed those & raise the MR.

Please review MR 8643, move NR

pooja_sharma’s picture

pooja_sharma commented
Status: Active » Needs review

smustgrave changed the visibility of the branch 11.x to hidden.

smustgrave changed the visibility of the branch 3439832-fix-content-moderation to hidden.

smustgrave’s picture

smustgrave commented
Status: Needs review » Needs work

Left some comments on the MR.

pooja_sharma’s picture

pooja_sharma commented
Status: Needs work » Needs review

I have replied on the queries, Please review & passing for NR.

smustgrave’s picture

smustgrave commented
Status: Needs review » Needs work

Saving credit for those who have worked on the issue thus far.

Left a response to the thread.

pooja_sharma’s picture

pooja_sharma commented
Status: Needs work » Needs review

@smustgrave, I can't see new comment on MR, on the basis of prev comment , I 'm trying to reply on query:

Goal of ticket is adding permissions only, however permission can be assign to user only if module install code added before user login, if module install & respective config install (if required/added) code added after user login code in that case scenario permission can be assign only by adding role (checked in core as well)

PLease review, moving NR

smustgrave’s picture

smustgrave commented
Status: Needs review » Needs work

Instead of creating a bunch of roles for single permissions

Why not move $this->setCurrentUser($this->adminUser); to below when the workflow is created and change to $this->setCurrentUser($this->createUser(['single permissiono']));

Should result in less calls being made.

pooja_sharma’s picture

pooja_sharma commented
Status: Needs work » Needs review

Thanks for reviewing, tried to address the feedback, Please review, moving NR.

smustgrave’s picture

smustgrave commented
Status: Needs review » Needs work

Had some threads I forgot to save from earlier that's my mistake.

pooja_sharma’s picture

pooja_sharma commented
Status: Needs work » Needs review

Yeah I have similar thoughts, u didn't mention similar changes here then also skip from my end as well.

Applied suggestions, PLease review, moving NR.

smustgrave’s picture

smustgrave commented
Status: Needs review » Reviewed & tested by the community
Issue tags: +Needs Review Queue Initiative

Feedback appears to have been addressed

quietone’s picture

quietone commented
Status: Reviewed & tested by the community » Needs work
Issue tags: +Needs reroll

The diff does not apply to 11.x HEAD. And while does that I think it would make it easier to maintain if all the lists of permissions were sorted. Some of these in this MR are quite long. Thanks.

quietone’s picture

quietone commented
Status: Needs work » Reviewed & tested by the community
Issue tags: -Needs reroll

I don't know why but the diff applies now. The only commands I executed in my working directory was 'git log' and 'git status' . I'm restoring the status while I review.

quietone’s picture

quietone commented
Status: Reviewed & tested by the community » Needs review

Four of the functional tests extend from \Drupal\Tests\content_moderation\Functional\ModerationStateTestBase which defines a user and many permissions. Why are these four tests creating a new user with different permissions? Why not use the existing user and grant any permissions needed? It would simplify the tests.

quietone’s picture

quietone commented

Oh, and a reminder that we work collaboratively. Typically, there is no need to create a new branch and separate MR. Thanks.

pooja_sharma’s picture

pooja_sharma commented
Assigned: Unassigned » pooja_sharma

Thanks for reviewing it, Verifying to address #28 feedback.

pooja_sharma’s picture

pooja_sharma commented
Assigned: pooja_sharma » Unassigned

Addressed #28 feedback, sorry it was missed from my end, now code looks clean & tried to compare the old & changed generated test html files output - both are same.

Please review, moving NR.

smustgrave’s picture

smustgrave commented
Status: Needs review » Reviewed & tested by the community

Feedback appears to be addressed.

alexpott’s picture

alexpott
he/they
Primary language English
Location 🇪🇺🌍
commented
Version: 11.x-dev » 11.1.x-dev
Status: Reviewed & tested by the community » Fixed

Committed and pushed 56186f9070b to 11.x and 743c2e68f70 to 11.1.x. Thanks!

  • alexpott committed 743c2e68 on 11.1.x 
    Issue #3439832 by pooja_sharma, solimanharkas, smustgrave, quietone,...

  • alexpott committed 56186f90 on 11.x 
    Issue #3439832 by pooja_sharma, solimanharkas, smustgrave, quietone,...

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.